
bridgecrewio / bridgecrew-action

Licence: MIT License
This GitHub Action runs Bridgecrew against an Infrastructure-as-Code repository. Bridgecrew performs static security analysis of Terraform & CloudFormation infrastructure code.

Projects that are alternatives of or similar to bridgecrew-action

qodana-action
⚙️ Scan your Java, Kotlin, PHP, Python, JavaScript, TypeScript projects at GitHub with Qodana
Stars: ✭ 112 (+115.38%)
Mutual labels:  static-analysis, actions, github-actions
changelog-reader-action
A GitHub action to read and get data from the CHANGELOG.md file 🚀
Stars: ✭ 68 (+30.77%)
Mutual labels:  actions, github-actions
gradle-actions
Github Actions for Gradle
Stars: ✭ 29 (-44.23%)
Mutual labels:  actions, github-actions
action-label-syncer
GitHub Action to sync GitHub labels in the declarative way
Stars: ✭ 138 (+165.38%)
Mutual labels:  actions, github-actions
jacoco-report
Github action that publishes the JaCoCo report as a comment in the Pull Request
Stars: ✭ 31 (-40.38%)
Mutual labels:  actions, github-actions
release-helper
🤖 A GitHub Action that help you publish release.
Stars: ✭ 27 (-48.08%)
Mutual labels:  actions, github-actions
actions-sms
Send an SMS through GitHub Actions
Stars: ✭ 108 (+107.69%)
Mutual labels:  actions, github-actions
ssh2actions
Connect to GitHub Actions VM via SSH for interactive debugging
Stars: ✭ 62 (+19.23%)
Mutual labels:  actions, github-actions
gha
🔧 Test your GitHub Actions workflow locally.
Stars: ✭ 53 (+1.92%)
Mutual labels:  actions, github-actions
overview
Automate your workflows with GitHub actions for MATLAB.
Stars: ✭ 40 (-23.08%)
Mutual labels:  actions, github-actions
action-sync-node-meta
GitHub Action that syncs package.json with the repository metadata.
Stars: ✭ 25 (-51.92%)
Mutual labels:  actions, github-actions
action-junit-report
Reports junit test results as GitHub Pull Request Check
Stars: ✭ 103 (+98.08%)
Mutual labels:  actions, github-actions
staticcheck-action
Staticcheck's official GitHub Action
Stars: ✭ 47 (-9.62%)
Mutual labels:  static-analysis, actions
sonarqube-action
Integrate SonarQube scanner to GitHub Actions
Stars: ✭ 90 (+73.08%)
Mutual labels:  static-analysis, github-actions
ghaction-import-gpg
GitHub Action to easily import a GPG key
Stars: ✭ 161 (+209.62%)
Mutual labels:  actions, github-actions
action-python-poetry
Template repo to quickly make a tested and documented GitHub action in Python with Poetry
Stars: ✭ 85 (+63.46%)
Mutual labels:  actions, github-actions
xray-action
... a GitHub action to import test results into "Xray" - A complete Test Management tool for Jira.
Stars: ✭ 16 (-69.23%)
Mutual labels:  actions, github-actions
assign-one-project-github-action
Automatically add an issue or pull request to specific GitHub Project(s) when you create and/or label them.
Stars: ✭ 140 (+169.23%)
Mutual labels:  actions, github-actions
actions-pixela
GitHub Actions for Pixela (a-know/pi) - a-know/pi Setup Action. Linux (Ubuntu), macOS, and Windows are supported.
Stars: ✭ 12 (-76.92%)
Mutual labels:  actions, github-actions
action-autotag
Automatically generate a new tag when the manifest file (package.json, Dockerfile, custom file, etc) version changes.
Stars: ✭ 45 (-13.46%)
Mutual labels:  actions, github-actions

Bridgecrew GitHub Action

The Bridgecrew GitHub Action

Use the Bridgecrew GitHub Action to scan for infrastructure-as-code errors in your GitHub Actions pipeline. Adding this action to your project workflow lets you automatically find, fix and monitor configuration errors in Terraform, CloudFormation and Kubernetes. By signing up for a free Bridgecrew Community plan you can also view dashboards and reports. The community plan does not limit the number of scans or users you can invite to view the results.

How to use the Bridgecrew GitHub Action

It is very easy to start using the GitHub Action. All you need to do is:

  1. Follow GitHub's instructions for configuring a workflow to enable GitHub Actions in your repository.
  2. Set up an environment variable with your Bridgecrew API key, which you can get from your Bridgecrew account.
  3. In the app build job, use bridgecrewio/bridgecrew-action@master.
  4. Optionally, supply parameters to customize the GitHub Action's behaviour.

Usage Examples

Scan IaC in your repository

      - name: Run Bridgecrew
        id: Bridgecrew
        uses: bridgecrewio/bridgecrew-action@master
        with:
         api-key: ${{ secrets.BRIDGECREW_API_KEY }} # Bridgecrew API key, read from a GitHub secret
         directory: "example/examplea" # IaC root directory to scan
         check: CKV_AWS_1 # optional: run only a specific check_id; can be a comma-separated list
         skip_check: CKV_AWS_1 # optional: skip a specific check_id; can be a comma-separated list; clashes with check, so set only one of the two
         soft_fail: false # true runs the checks without failing the build
         framework: terraform # optional: run only on a specific infrastructure {cloudformation,terraform,kubernetes,all}
         output_format: cli # json, cli or sarif
         quiet: false # true displays only failed checks
         external_checks_dir: ./checkov # directory of custom checks to load
         download_external_modules: true # optional: download external terraform modules from public git repositories and terraform registry
         log_level: DEBUG # optional: set log level. Default WARNING

GitHub code scanning

Bridgecrew supports GitHub code scanning. An example workflow configuration can be found here.

GitHub action Parameters

| Parameter | Description | Required | Default | Type |
|---|---|---|---|---|
| api-key | Environment variable name of the Bridgecrew API key from the Bridgecrew app | No | | Secret parameter |
| directory | IaC root directory to scan | No | "." | Input parameter |
| soft_fail | Runs checks without failing the build | No | | Input parameters |
| check | Filter the scan to run only on a specific check identifier. You can specify multiple checks separated by a comma delimiter | No | | Input parameters |
| skip_check | Filter the scan to run on all checks except a specific check identifier (blacklist). You can specify multiple checks separated by a comma delimiter. Clashes with check | No | | Input parameters |
| quiet | Display only failed checks | No | | Input parameters |
| external_checks_dir | Directory for custom checks to be loaded | No | | Input parameters |
| output_format | The format of the output: json, cli or sarif | No | | Input parameters |
| framework | Run on a specific infrastructure | No | | cloudformation,terraform,kubernetes,all |
| download_external_modules | Download external terraform modules from public git repositories and terraform registry | No | | Input parameters |
| log_level | Set log level | No | WARNING | Input parameters |

Full reference docs here.
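
The constraints in the parameter table above (the allowed framework and output_format values, the check/skip_check clash, api-key passed as a secret, soft_fail disabling the build gate) can be checked before a workflow change is merged. The linter below is an added example, not part of the Bridgecrew project; `lint_inputs` and its finding strings are hypothetical names, and it assumes the step's `with:` mapping has already been parsed into a dict.

```python
import re

# Values and rules below come from the parameter table on this page.
KNOWN_INPUTS = {
    "api-key", "directory", "soft_fail", "check", "skip_check", "quiet",
    "external_checks_dir", "output_format", "framework",
    "download_external_modules", "log_level",
}
FRAMEWORKS = {"cloudformation", "terraform", "kubernetes", "all"}
OUTPUT_FORMATS = {"json", "cli", "sarif"}
# An api-key value should be a GitHub secrets expression, never a literal.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")

def _is_true(value):
    # YAML parsers may hand back a bool or the string "true".
    return str(value).strip().lower() == "true"

def lint_inputs(inputs):
    """Return findings for one bridgecrew-action step's `with:` mapping."""
    findings = [f"unknown input: {n}" for n in sorted(set(inputs) - KNOWN_INPUTS)]
    key = inputs.get("api-key")
    if key is not None and not SECRET_REF.match(str(key)):
        findings.append("api-key is a literal, not a secrets reference")
    if inputs.get("check") and inputs.get("skip_check"):
        findings.append("check and skip_check are both set; they clash")
    fw = inputs.get("framework")
    if fw is not None and fw not in FRAMEWORKS:
        findings.append(f"framework not one of {sorted(FRAMEWORKS)}: {fw}")
    fmt = inputs.get("output_format")
    if fmt is not None and fmt not in OUTPUT_FORMATS:
        findings.append(f"output_format not one of {sorted(OUTPUT_FORMATS)}: {fmt}")
    if _is_true(inputs.get("soft_fail")):
        findings.append("soft_fail is on: failed checks will not fail the build")
    return findings

# The `with:` block from the usage example on this page, as a parsed mapping.
PAGE_EXAMPLE = {
    "api-key": "${{ secrets.BRIDGECREW_API_KEY }}", "directory": "example/examplea",
    "check": "CKV_AWS_1", "skip_check": "CKV_AWS_1", "soft_fail": False,
    "framework": "terraform", "output_format": "cli", "quiet": False,
    "external_checks_dir": "./checkov", "download_external_modules": True,
    "log_level": "DEBUG",
}
# Constructed sample with a misspelled input, a literal key and bad values.
WEAK = {"api-key": "constructed-literal", "directroy": ".", "framework": "terrafrom",
        "output_format": "xml", "soft_fail": "true"}

if __name__ == "__main__":
    for name, step in (("page example", PAGE_EXAMPLE), ("weak sample", WEAK)):
        print(name, lint_inputs(step))
```

Run against the usage example from this page, it reports only the check/skip_check clash; the constructed weak sample produces one finding per rule.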

Screenshots

Reject pull requests containing infrastructure code configuration errors
Find & fix resources that might be a risk
